Projects: Seven Key Steps for Risk Management

by David Hinde on 15/07/2016

Step one – create a risk management strategy
In my experience risk management is something that is talked about a lot but rarely done well in project management. Creating a risk management strategy early in a project which makes it clear how risk will be managed goes a long way to mitigating this problem. It would outline the way in which risk would be identified, evaluated and dealt with in a project. It would show who should be responsible for carrying out the various risk management roles. It would also define the threshold level of risk that project stakeholders are willing to bear. The strategy is put together at the outset of the project; and would then be reviewed and signed by all the key project stakeholders.

Step two – decide how you will identify risks
Where do you start when it comes to identifying all the potential risks in your project? There are a number of approaches. These include reviewing lessons learned from previous projects, carrying out a risk brainstorming session, using an industry specific prompt list showing likely areas of risk or creating a risk breakdown structure. The latter is a hierarchical diagram like an organization chart. It can be sub divided in a range of ways, for example by product, by team or using PESTLE (political risks, economic risks, social risk, technological risks, legal risks, environmental risks) It can be used as a focal point for a workshop to identify all risks in each area of the project.

Step three – identify some early warning indicators of increased risk
It is all too easy for a project manager to myopically focus on a small set of performance areas such as work completed to schedule. However there are a range of other early warning indicators that identify how the project is performing. For example percentage of approvals accomplished, number of issues being raised and number of defects being captured in quality inspections. Reviewing all these performance aspects of a project increases the likelihood of identifying more critical risks.

Step four – assess the project’s overall exposure to risk
It is good practice to regularly assess a project’s overall exposure to risk. Each risk is assessed in terms of its probability as a percentage and its impact should it occur in monetary terms. By multiplying one by the other an expected value for each risk can be calculated. Adding up the expected values of all the risks gives a monetary figure that gives an indicator of the project’s overall exposure to risk.

Step five – evaluate the proximity of each risk
Another good practice is to assess when each risk is likely to occur. This is called the proximity of a risk. Each risk could be assigned a category depending on when it might occur such as imminent, in the next stage of the project or after the project. The project manager should also consider whether the probability of the risk occurring and/or the impact on the project if they do occur, might vary over time. Having this information can help focus on risks that are of a more pressing concern.

Step six – identify the causes of a risk
Rather than just thinking about the event that may or may not occur such as a road collapsing underneath a heavy load, the project manager should also consider what could cause the risk. This allows for a deeper analysis of any individual risk. If the road collapses it could be caused by heavy rain, bad driving or initial poor construction of the road by the council. Understanding what are the most likely causes for each potential risk event, can help implement better mitigation plans to deal with them

Step seven – focus on opportunities
Risks can also be opportunities. For example a new technology might appear to speed the programming of a software module. If opportunities are spotted the project team might consider three ways of approaching them: exploit them by doing something that ensures they occur, increase the probability or impact of the event occurring or simply reject the opportunity. In practice a good project manager is always looking for opportunities to improve their project, but making this explicitly part of the risk management process, improves the probability of spotting more.